Add untrusted-chain support to X509StoreContext by akgood · Pull Request #473 · pyca/pyopenssl

I explained this to @hynek on IRC yesterday. I really hate to be the bringer of bad news, but here we go!

PyOpenSSL's X509StoreContext should not be used in production code ever. It's ok to use it in test code to manually verify a certificate. But please never use it to perform additional checks during a TLS handshake. Instead PyOpenSSL should give users access to X509_STORE_CTX in the verify callback.

It's far from trivial to configure an X509_STORE_CTX correctly. For starters the verification parameters are a nested lookup chain with information from the SSL_CTX->param, SSL->param and X509_STORE_CTX->param. PyOpenSSL does not even expose all fields and setters to configure all flags. There are many more aspects like store lookups, callbacks, DANE.

X509StoreContext.verify_certificate() performs chain building, signature verification and X509 verification all over again. It doubles the amount of work. It slows down connections.

Validation after handshake is too late. You want to validate the cert chain before you send sensitive information like a TLS client cert to a rogue server.
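The pattern the comment argues for, as an added example (not code from the PR or from the pyOpenSSL project): the extra check runs inside the `Context.set_verify` callback during the handshake, where pyOpenSSL hands the callback the certificate, the chain depth, OpenSSL's error number and its own verdict, instead of re-running verification afterwards with `X509StoreContext`. The CN allowlist, the `cafile` path and the `log` list are constructed for illustration.

```python
# Constructed sample policy: which leaf subjects this client will accept.
ALLOWED_LEAF_CNS = frozenset({"api.example.test"})


def leaf_policy(common_name, depth, preverify_ok):
    """Decision applied to each chain element the verify callback sees.

    OpenSSL calls the callback once per element, root first (highest depth),
    leaf last (depth 0). preverify_ok is OpenSSL's own verdict for that
    element: chain building, signature, validity period and store flags.
    A callback must never turn a failed preverify into success; it may only
    add further reasons to reject. Returns True to keep the handshake going.
    """
    if not preverify_ok:
        return False            # keep OpenSSL's rejection, whatever it was
    if depth == 0 and common_name not in ALLOWED_LEAF_CNS:
        return False            # extra policy on the leaf, before any app data
    return True


def make_verify_callback(log):
    """Build a pyOpenSSL verify callback that records every decision in log."""

    def verify_cb(conn, x509, errnum, depth, preverify_ok):
        cn = x509.get_subject().CN
        decision = leaf_policy(cn, depth, bool(preverify_ok))
        # errnum is the X509_V_ERR_* code OpenSSL assigned (0 when preverify passed)
        log.append((depth, cn, errnum, bool(preverify_ok), decision))
        return decision

    return verify_cb


def build_client_context(cafile, log):
    """Client Context that aborts the handshake when any element is rejected."""
    # Imported here so the policy above can be exercised without pyOpenSSL installed.
    from OpenSSL import SSL

    ctx = SSL.Context(SSL.TLS_CLIENT_METHOD)
    ctx.load_verify_locations(cafile)
    # VERIFY_PEER makes OpenSSL run verification during the handshake;
    # returning False from the callback for any element fails the handshake
    # before the client certificate or any application data is sent.
    ctx.set_verify(
        SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
        make_verify_callback(log),
    )
    return ctx
```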